This paper outlines cross-domain security process requirements for IoT manufacturers at a meta-level with an international focus. Its purpose is to identify fundamental processes for the three core security competences: prevention, detection and reaction.
By implementing these processes manufacturers may achieve basic security hygiene for their IoT products and organization. The requirements outlined here are in accordance to international standards addressing security. However, the paper is solely voluntary in its nature and does not determine the implementation of specific norms and standards. Manufacturers can choose how to fulfill these requirements.
The paper represents the current status of the ZVEI Horizontal Security Requirements project team and thus a common understanding and industry opinion of the ZVEI members. If there is a need for new (sectoral) process standards, we recommend this document for the minimum requirements that should be included in a standard mentioned above..